-1

I was trying to use SAML through SSO. My question is: when a session becomes invalid in the IDP, how does the IDP notify the SP? If I have multiple copies of the SP in geographically distributed regions sitting behind a load balancer, how does the message reach a particular SP, as the DNS name for all of them will be the same?

Phalguni
  • You'll probably have to set up the load balancer to distribute that type of call between all nodes – Oleg Mikheev Jan 19 '14 at 05:45
  • This is not possible with SAML because the spec doesn't say anything about session management. That's not its purpose. So, every suggestion you get will be bespoke or implementation dependent. – Travis Spencer Jan 31 '14 at 19:38

1 Answer

1

It depends on the specific IdP implementation. Some IdPs use a back channel, sending a SOAP message to inform all SPs that are in the partner trust. OpenAM, for instance, uses this mechanism, performing an SLO request to all SPs.

Rastko
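An added example, not part of the original thread or of any IdP/SP product: one way an SP node can process the back-channel SOAP LogoutRequest described in the answer so that it does not matter which node the load balancer picks. It assumes all nodes share one session store; `SharedSessionStore`, `handle_backchannel_logout` and the sample message are hypothetical, and signature verification is left as a marked step.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

class SharedSessionStore:
    """Stand-in for a store every SP node can reach (assumption: a shared DB or cache)."""
    def __init__(self):
        self._by_id = {}  # local session id -> (name_id, session_index)
    def add(self, sid, name_id, session_index):
        self._by_id[sid] = (name_id, session_index)
    def is_active(self, sid):
        return sid in self._by_id
    def invalidate(self, name_id, session_indexes):
        """Drop sessions of name_id; an empty index set means all of that principal's sessions."""
        doomed = [sid for sid, (n, i) in self._by_id.items()
                  if n == name_id and (not session_indexes or i in session_indexes)]
        for sid in doomed:
            del self._by_id[sid]
        return len(doomed)

def handle_backchannel_logout(soap_body: bytes, store: SharedSessionStore) -> int:
    """Process a SOAP-bound LogoutRequest on whichever node received it."""
    if b"<!DOCTYPE" in soap_body or b"<!ENTITY" in soap_body:
        raise ValueError("DTDs are not allowed in SAML messages")
    req = ET.fromstring(soap_body).find("soap:Body/samlp:LogoutRequest", NS)
    if req is None:
        raise ValueError("no LogoutRequest in SOAP body")
    # A production SP must verify the IdP's XML signature on the request here, before acting.
    name_id = req.findtext("saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("LogoutRequest carries no NameID")
    indexes = {e.text for e in req.findall("samlp:SessionIndex", NS) if e.text}
    return store.invalidate(name_id.strip(), indexes)

# Constructed sample message (not captured from a real IdP)
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body>
  <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">
   <saml:NameID>alice@example.org</saml:NameID>
   <samlp:SessionIndex>idx-1</samlp:SessionIndex>
  </samlp:LogoutRequest>
 </soap:Body>
</soap:Envelope>"""
```

Because sessions are looked up by NameID and SessionIndex in the shared store, the node that receives the request can end a session that was created on a different node.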